Temple University

Week 10 Takeaways

Reading Summary: Web Application Hacking

Web application hacking very commonly starts with a client submitting unexpected input. Knowing how to find and leverage such vulnerabilities is important, yet challenging for most organizations. Injection attacks, in which malicious code is delivered to a web application through its inputs, are especially popular. The goal of such attacks is to obtain restricted data from a back-end database, resulting in data exfiltration. A good example of web application hacking is SQL injection, which simply bypasses security controls and offers direct access to very sensitive data. However, tools have already been developed to help minimize such attacks, if not stop them altogether. One of these tools is Burp Suite, which integrates various tools for performing security testing of web applications. It aids penetration testers throughout the entire testing process, from the mapping phase all the way to the identification of vulnerabilities and exploitation. Its features include a proxy, spider, intruder, repeater, sequencer, decoder, and comparer; the two most important tools of the framework are the intruder and the repeater.
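To make the "unexpected input" point concrete, here is an added example (not from the reading or from Burp Suite) that puts a vulnerable database lookup beside its hardened form. It uses an in-memory SQLite table with constructed sample rows; the function names and the sample users are assumptions made for illustration. A username that legitimately contains an apostrophe is enough to show the difference: the vulnerable version lets that character reach the SQL parser as part of the statement, while the parameterized version keeps it as plain data.

```python
import sqlite3


def make_db():
    # Constructed sample database standing in for a real back-end store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "placeholder-hash-1", "user"),
            ("o'brien", "placeholder-hash-2", "admin"),
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable pattern: untrusted input is spliced into the SQL text, so any
    # quote character in the input becomes part of the statement's structure.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Hardened pattern: the value is sent separately as a bound parameter, so the
    # database never interprets it as SQL, whatever characters it contains.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    # Run both lookups on a plain name and on a name containing an apostrophe
    # and collect the outcomes so they can be compared side by side.
    conn = make_db()
    results = {
        "safe_plain": lookup_safe(conn, "alice"),
        "safe_quote": lookup_safe(conn, "o'brien"),
        "vuln_plain": lookup_vulnerable(conn, "alice"),
    }
    try:
        results["vuln_quote"] = lookup_vulnerable(conn, "o'brien")
    except sqlite3.OperationalError as err:
        # The apostrophe changed the statement itself; the parser rejected it.
        # Error messages like this in application logs are a detection signal
        # that client input is reaching the query text.
        results["vuln_quote"] = f"SQL error: {err}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The parameterized lookup returns the `o'brien` row normally; the string-built one raises a syntax error because the input rewrote the query. The same mechanism is what lets a crafted input alter the query's meaning instead of merely breaking it, which is why binding parameters (or an ORM that does so) is the standard fix, and why unexplained SQL syntax errors in server logs deserve a look.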

Question for the class:

Have you used any tools to prevent web application hacking such as those offered by the Burp Suite? If so, what was your experience and takeaway?

In the News:

Insight – Cyber insurance premiums rocket after high-profile attacks

Following a wave of attacks (e.g., the high-profile breaches at Home Depot Inc., Target Corp., Anthem Inc., and Premera Blue Cross), insurers have massively increased cyber premiums for some companies, leaving firms that are perceived to be high risk scrambling for cover. Insurers are also raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.

For additional information regarding this article, please click here.
